Formal Verification of Emulated Floating-Point Arithmetic in Falcon

Advances in Information and Computer Security (IWSEC 2024)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14977))


Abstract

We show that there is a discrepancy between the emulated floating-point multiplication in the submission package of the digital signature scheme Falcon and its claimed behavior. In particular, we show that some floating-point products with absolute values close to the smallest normal positive floating-point number are incorrectly zeroized. However, by modeling floating-point addition, subtraction, and multiplication in CryptoLine, we show that the discrepancy does not affect the complex fast Fourier transform in Falcon's signature generation. We then implement our own floating-point multiplications in Armv7-M assembly and Jasmin and prove their equivalence with our model, demonstrating that the challenging verification task (verifying highly optimized assembly) can be transferred to a presumably more readable code base (Jasmin).
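As an added illustration (not the paper's CryptoLine model and not Falcon's own fpr code), the following Python shows what an integer-only "emulated" double multiplication looks like, where its zeroization threshold sits relative to the smallest normal 2^-1022, and how a differential check against IEEE semantics catches a threshold that is off by one. The reference semantics (IEEE product with subnormal inputs and outputs flushed to zero), the constructed input pairs, and the off-by-one variant `buggy_mul` are assumptions made for this example; they stand in for the class of discrepancy the abstract describes, not for the exact defect in the submission package.

```python
import math
import random
import struct
import sys

DBL_MIN = sys.float_info.min    # 2**-1022: smallest positive normal double
MANT_BITS = 52
EXP_BIAS = 1023


def to_bits(x):
    return struct.unpack('<Q', struct.pack('<d', x))[0]


def decompose(x):
    """Split a finite double into (sign, unbiased exponent, 53-bit significand).
    Zeros and subnormals come back with exponent None: the emulation below
    flushes them to zero, as the reference model assumed in this example does."""
    bits = to_bits(x)
    sign = bits >> 63
    e = (bits >> MANT_BITS) & 0x7FF
    m = bits & ((1 << MANT_BITS) - 1)
    if e == 0x7FF:
        raise ValueError("inf/NaN inputs are not handled by this emulation")
    if e == 0:
        return sign, None, 0
    return sign, e - EXP_BIAS, m | (1 << MANT_BITS)


def compose(sign, e, m):
    """Reassemble a normal double from sign, unbiased exponent and 53-bit significand."""
    bits = (sign << 63) | ((e + EXP_BIAS) << MANT_BITS) | (m & ((1 << MANT_BITS) - 1))
    return struct.unpack('<d', struct.pack('<Q', bits))[0]


def emulated_mul(a, b, zero_below_exp=-1022):
    """Integer-only emulation of IEEE-754 double multiplication with
    round-to-nearest-even and flush-to-zero. Results whose unbiased exponent is
    below `zero_below_exp` are zeroized; -1022 is the correct threshold, since
    anything smaller is subnormal."""
    sa, ea, ma = decompose(a)
    sb, eb, mb = decompose(b)
    sign = sa ^ sb
    zero = -0.0 if sign else 0.0
    if ea is None or eb is None:
        return zero
    prod = ma * mb                      # exact product, 105 or 106 significant bits
    e = ea + eb
    shift = 52
    if prod >> 105:                     # significand product in [2, 4): renormalize
        shift, e = 53, e + 1
    m = prod >> shift                   # the 53 kept bits
    rem = prod & ((1 << shift) - 1)     # discarded bits (guard + sticky)
    half = 1 << (shift - 1)
    if rem > half or (rem == half and (m & 1)):
        m += 1
        if m >> 53:                     # rounding carried out of the top bit
            m, e = m >> 1, e + 1
    if e < zero_below_exp:              # the zeroization threshold under test
        return zero
    if e > 1023:
        raise OverflowError("product exceeds the double range")
    return compose(sign, e, m)


def ftz(x):
    """Reference flush-to-zero: subnormals become (signed) zero."""
    return math.copysign(0.0, x) if 0 < abs(x) < DBL_MIN else x


def reference_mul(a, b):
    """Assumed reference semantics: IEEE product of the flushed inputs, flushed."""
    return ftz(ftz(a) * ftz(b))


def find_discrepancies(mul, pairs):
    """Differential check: every (a, b, expected, got) where `mul` disagrees
    bit-for-bit with the reference."""
    bad = []
    for a, b in pairs:
        want, got = reference_mul(a, b), mul(a, b)
        if to_bits(want) != to_bits(got):
            bad.append((a, b, want, got))
    return bad


# Constructed inputs straddling the normal/subnormal boundary 2**-1022.
BOUNDARY_PAIRS = [
    (2.0**-511, 2.0**-511),            # exactly 2**-1022: smallest normal, must survive
    (1.5 * 2.0**-511, 2.0**-511),      # 1.5 * 2**-1022: normal, must survive
    (2.0**-512, 2.0**-511),            # 2**-1023: subnormal, correctly flushed
    (3.0, 2.0**-1021),                 # 1.5 * 2**-1020: comfortably normal
    (1.0 + 2.0**-52, 1.0 + 2.0**-52),  # exercises the rounding path
    (-2.0**-511, 2.0**-511),           # sign handling at the boundary
]


def random_normal_pairs(n, seed=1):
    """Constructed random normal inputs whose products stay well inside the normal range."""
    rng = random.Random(seed)
    return [(math.ldexp(rng.uniform(1.0, 2.0), rng.randint(-500, 500)),
             math.ldexp(rng.uniform(1.0, 2.0), rng.randint(-500, 500)))
            for _ in range(n)]


def buggy_mul(a, b):
    """Hypothetical off-by-one threshold: zeroizes every product in [2**-1022, 2**-1021)."""
    return emulated_mul(a, b, zero_below_exp=-1021)


if __name__ == "__main__":
    print("correct threshold:", find_discrepancies(emulated_mul, BOUNDARY_PAIRS + random_normal_pairs(2000)))
    for a, b, want, got in find_discrepancies(buggy_mul, BOUNDARY_PAIRS):
        print(f"zeroized: {a!r} * {b!r} should be {want!r}, got {got!r}")
```

The random sweep only exercises the rounding logic on normal results; the boundary list is what exposes the threshold, because a random sample almost never lands in the narrow band just above the smallest normal. That is also why a differential test alone is a weak substitute for the range analysis the paper performs: it reports whether the band is hit by the chosen inputs, not whether signature generation can ever produce a product in it.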

Notes

  1. For example, Frama-C [CKKPSY12] only shows that the floating-point number is upper-bounded by a floating-point number and lower-bounded by 0, which does not suffice to prove that the absolute values of non-zero floating-point numbers are not too small.

References

  1. Almeida, J.B., et al.: Jasmin: high-assurance and high-speed cryptography. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1807–1823 (2017). https://dl.acm.org/doi/10.1145/3133956.3134078

  2. Almeida, J.B., et al.: Machine-checked proofs for cryptographic standards: indifferentiability of sponge and secure high-assurance implementations of SHA-3. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1607–1622 (2019). https://dl.acm.org/doi/10.1145/3319535.3363211

  3. Almeida, J.B., et al.: The last mile: high-assurance and high-speed cryptographic implementations. In: 2020 IEEE Symposium on Security and Privacy (SP), pp. 965–982. IEEE (2020)

  4. Almeida, J.B., et al.: Formally verifying Kyber episode IV: implementation correctness. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2023(3), 164–193 (2023). https://tches.iacr.org/index.php/TCHES/article/view/10960

  5. Bernstein, D.J., et al.: Gimli: a cross-platform permutation. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 299–320. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_15

  6. Bernstein, D.J.: The Poly1305-AES message-authentication code. In: Gilbert, H., Handschuh, H. (eds.) FSE 2005. LNCS, vol. 3557, pp. 32–49. Springer, Heidelberg (2005). https://doi.org/10.1007/11502760_3

  7. Bernstein, D.J.: ChaCha, a variant of Salsa20. In: Workshop record of The State of the Art of Stream Ciphers, pp. 273–278 (2008). https://www.ecrypt.eu.org/stvl/sasc2008/SASCRecord.zip

  8. Cuoq, P., Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. In: Eleftherakis, G., Hinchey, M., Holcombe, M. (eds.) SEFM 2012. LNCS, vol. 7504, pp. 233–247. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-33826-7_16

  9. Chuengsatiansup, C., Prest, T., Stehlé, D., Wallet, A., Xagawa, K.: ModFalcon: compact signatures based on module-NTRU lattices. In: Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, pp. 853–866 (2020)

  10. Ducas, L., Galbraith, S., Prest, T., Yu, Y.: Integral matrix Gram root and lattice Gaussian sampling without floats. In: Canteaut, A., Ishai, Y. (eds.) EUROCRYPT 2020. LNCS, vol. 12106, pp. 608–637. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45724-2_21

  11. Ducas, L., Prest, T.: Fast Fourier orthogonalization. In: Proceedings of the ACM on International Symposium on Symbolic and Algebraic Computation, pp. 191–198 (2016)

  12. Espitau, T., et al.: Mitaka: a simpler, parallelizable, maskable variant of Falcon. In: Dunkelman, O., Dziembowski, S. (eds.) EUROCRYPT 2022. LNCS, vol. 13277, pp. 222–253. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-07082-2_9

  13. Fu, Y.F., Liu, J., Shi, X., Tsai, M.-H., Wang, B.-Y., Yang, B.-Y.: Signed cryptographic program verification with typed CryptoLine. In: Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security, pp. 1591–1606 (2019). https://dl.acm.org/doi/abs/10.1145/3319535.3354199

  14. Hwang, V., et al.: Verified NTT multiplications for NISTPQC KEM lattice finalists: Kyber, SABER, and NTRU. IACR Trans. Cryptogr. Hardw. Embed. Syst. 718–750 (2022). https://tches.iacr.org/index.php/TCHES/article/view/9838

  15. Lai, L.-C., Liu, J., Shi, X., Tsai, M.-H., Wang, B.-Y., Yang, B.-Y.: Automatic verification of cryptographic block function implementations with logical equivalence checking. Cryptology ePrint Archive, Paper 2023/1861 (2023). https://eprint.iacr.org/2023/1861

  16. Liu, J., Shi, X., Tsai, M.-H., Wang, B.-Y., Yang, B.-Y.: Verifying arithmetic in cryptographic C programs. In: 2019 34th IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 552–564. IEEE (2019). https://ieeexplore.ieee.org/document/8952256

  17. Pornin, T.: New efficient, constant-time implementations of Falcon (2019). https://eprint.iacr.org/2019/893

  18. Pornin, T.: Improved key pair generation for Falcon, BAT and Hawk (2023). https://eprint.iacr.org/2023/290

  19. Prest, T., et al.: Falcon. Submission to the NIST Post-Quantum Cryptography Standardization Project [NISTPQC] (2020). https://falcon-sign.info/

  20. Pollack, P., Treviño, E.: Finding the four squares in Lagrange's theorem. Integers 18A, A15 (2018). https://api.semanticscholar.org/CorpusID:203588112

  21. Polyakov, A., Tsai, M.-H., Wang, B.-Y., Yang, B.-Y.: Verifying arithmetic assembly programs in cryptographic primitives (invited talk). In: 29th International Conference on Concurrency Theory (CONCUR 2018). Schloss Dagstuhl-Leibniz-Zentrum fuer Informatik (2018). https://drops.dagstuhl.de/entities/document/10.4230/LIPIcs.CONCUR.2018.4

  22. Tsai, M.-H., Wang, B.-Y., Yang, B.-Y.: Certified verification of algebraic properties on low-level mathematical constructs in cryptographic programs. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1973–1987 (2017). https://dl.acm.org/doi/abs/10.1145/3133956.3134076

Acknowledgements

The author would like to thank Tiago Oliveira for a tutorial on Jasmin, Thomas Pornin for providing the experimental range of the intermediate floating-point numbers, eventually motivating the author to develop the range-checking, and Academia Sinica for the hospitality under grant AS-GCS-113-M07.

Author information

Corresponding author: Vincent Hwang.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.

About this paper

Cite this paper

Hwang, V. (2024). Formal Verification of Emulated Floating-Point Arithmetic in Falcon. In: Minematsu, K., Mimura, M. (eds) Advances in Information and Computer Security. IWSEC 2024. Lecture Notes in Computer Science, vol 14977. Springer, Singapore. https://doi.org/10.1007/978-981-97-7737-2_7

Download citation

  • DOI: https://doi.org/10.1007/978-981-97-7737-2_7

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-97-7736-5

  • Online ISBN: 978-981-97-7737-2